[Security] Write log for direct call on IP interface

1. My Caddy version (caddy -version):

1.0.3

2. How I run Caddy:

On Windows, run with the command “caddy.exe -log log.txt” as a startup service

d. My complete Caddyfile:

#Caddyfile

http:// {
	redir / https://{host}{uri}
}

https:// {
	tls self_signed server.crt server.key
	status 444 /

	log / suspicious_access.txt {
		rotate_size     8
		rotate_age      7
		rotate_keep     7
		rotate_compress
		except          /jenkins
	}
	
	errors suspicious_error.txt {
		rotate_size     8
		rotate_age      7
		rotate_keep     7
		rotate_compress
	}
}

server.com:80 {
	redir / https://{host}{uri}
}

server.com:443 {
	gzip
	
	log / access.txt {
		rotate_size     8
		rotate_age      7
		rotate_keep     7
		rotate_compress
		except          /jenkins
	}
	
	errors errors.txt {
		rotate_size     8
		rotate_age      7
		rotate_keep     7
		rotate_compress
	}
	
	proxy /jenkins http://localhost:8080 {
		transparent
	}
	
	rewrite / {
		if {uri} not_starts_with /jenkins
		to /404
	}
	
	status 404 {
		/404
	}
}

3. The problem I’m having:

Using free Bitdefender as Windows security, it usually shows a security concern popup for all weird HTTP requests when Caddy is open on port 80. This happens only when it is called on the IP interface (http://127.127.127.127:80) and not on serverdomain.com. I tried to redir all direct HTTP access to error 404 to prevent further popups. It works for “most” of them.

Running Caddy with the catch-all command “-log log.txt” shows all external IP addresses when they access the website on the direct IP. But it does not show the full URI of the GET request.

I was expecting these lines to create a log file for all access, the same as the “-log” command, but they did not:

http:// {
        log / access.txt
}

I have no experience or knowledge of the website part. So now I am just curious about how these random IP calls work and what they are doing. Any way to show a more detailed log would be much appreciated.

Hi @VAD,

The -log is a process log. It does not log access requests. It’s for information about the Caddy server process, such as startup information, details of what sites and ports it’s listening on, server panics, etc.

The log directive, like the one you mentioned you tried, is the log you’re looking for. It will log all access requests for the site you’ve added it to.

If you want access logging for everything your Caddy server is serving, you will need to add log / access.txt to every site in your Caddyfile.

What if I want to show logs for a site that Caddy is not serving (the requests that Caddy is denying because they were made on the wrong interface)? How do I do that?

Because adding the “log” directive for the default site “http://” is not working for me. It only creates an empty log file.

Because the http:// site will only catch HTTP requests on port 80 that are not caught by any more specific sites in your Caddyfile, the lack of access logging here might be because those requests are being handled by other sites.

Set up a catch-all for the interface in question. Which interface are these requests coming in on?

They are public IP calls like “http://112.112.112.112”.
I am using a dynamic IP, so setting up Caddy to log static IP interfaces is not what I am looking for.

It’s not possible to configure Caddy to log access to a site it is not configured to serve.

If you want access logs for these sites, you need a catch-all with logging configured. The method you described earlier:

Is the correct way to go about that.

If you want access logs for all sites, you will need to configure logging on every single site.

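Once a catch-all site is writing an access log, the direct-IP requests can be grouped by client to see what each one asked for. The script below is an added example, not part of the thread or of Caddy itself; it assumes the log uses Caddy 1.x's default `{common}` format, the names `LINE_RE` and `summarize` are hypothetical, and the log lines are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Caddy 1.x default {common} access log format (assumed here):
#   {remote} - {user} [{when}] "{method} {uri} {proto}" {status} {size}
LINE_RE = re.compile(
    r'^(?P<remote>\S+) - (?P<user>\S+) \[(?P<when>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>.*) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2019:03:14:07 +0000] "GET /login HTTP/1.1" 444 0
203.0.113.7 - - [12/Oct/2019:03:14:08 +0000] "GET /admin/index.php?lang=en HTTP/1.1" 444 0
198.51.100.23 - - [12/Oct/2019:04:02:51 +0000] "POST /cgi-bin/test.cgi HTTP/1.1" 444 0
198.51.100.23 - - [12/Oct/2019:04:02:52 +0000] "GET / HTTP/1.1" 444 0
this line is truncated
"""

def summarize(log_text):
    """Return (requests per client, path counts, unparsed lines)."""
    per_client = defaultdict(list)
    paths = Counter()
    unparsed = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            unparsed.append(line)  # keep odd lines for manual review
            continue
        path = m["uri"].split("?", 1)[0]  # count by path, ignoring the query
        per_client[m["remote"]].append((m["method"], m["uri"], int(m["status"])))
        paths[path] += 1
    return dict(per_client), paths.most_common(), unparsed

if __name__ == "__main__":
    clients, top_paths, unparsed = summarize(SAMPLE_LOG)
    for ip, reqs in clients.items():
        print(ip, len(reqs), "requests")
        for method, uri, status in reqs:
            print("   ", method, uri, "->", status)
    print("unparsed lines:", len(unparsed))
```

To run it against a real file, pass the file's text to `summarize()`, for example the contents of suspicious_access.txt from the Caddyfile above.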